]>
Commit | Line | Data |
---|---|---|
184eed6a | 1 | # $OpenBSD: sshd_config,v 1.43 2001/12/19 07:18:56 deraadt Exp $ |
23c2a7a5 | 2 | |
b2d818e6 | 3 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin |
4 | ||
61e96248 | 5 | # This is the sshd server system-wide configuration file. See sshd(8) |
6 | # for more information. | |
8efc0c15 | 7 | |
8 | Port 22 | |
d6f24e45 | 9 | #Protocol 2,1 |
adc83ebf | 10 | #ListenAddress 0.0.0.0 |
48e671d5 | 11 | #ListenAddress :: |
a98da4aa | 12 | |
13 | # HostKey for protocol version 1 | |
5f4fdfae | 14 | HostKey /etc/ssh_host_key |
a98da4aa | 15 | # HostKeys for protocol version 2 |
e2fccec3 | 16 | HostKey /etc/ssh_host_rsa_key |
582038fb | 17 | HostKey /etc/ssh_host_dsa_key |
a98da4aa | 18 | |
19 | # Lifetime and size of ephemeral version 1 server key | |
8efc0c15 | 20 | KeyRegenerationInterval 3600 |
a98da4aa | 21 | ServerKeyBits 768 |
dd092f97 | 22 | |
5f4fdfae | 23 | # Logging |
adc83ebf | 24 | SyslogFacility AUTH |
dd092f97 | 25 | LogLevel INFO |
5f4fdfae | 26 | #obsoletes QuietMode and FascistLogging |
272b7f60 | 27 | |
a98da4aa | 28 | # Authentication: |
29 | ||
30 | LoginGraceTime 600 | |
31 | PermitRootLogin yes | |
32 | StrictModes yes | |
33 | ||
34 | RSAAuthentication yes | |
35 | PubkeyAuthentication yes | |
36 | #AuthorizedKeysFile %h/.ssh/authorized_keys | |
a98da4aa | 37 | |
38 | # rhosts authentication should not be used | |
dd092f97 | 39 | RhostsAuthentication no |
a98da4aa | 40 | # Don't read the user's ~/.rhosts and ~/.shosts files |
41 | IgnoreRhosts yes | |
5f4fdfae | 42 | # For this to work you will also need host keys in /etc/ssh_known_hosts |
43 | RhostsRSAAuthentication no | |
8002af61 | 44 | # similar for protocol version 2 |
45 | HostbasedAuthentication no | |
a98da4aa | 46 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication |
47 | #IgnoreUserKnownHosts yes | |
8efc0c15 | 48 | |
49 | # To disable tunneled clear text passwords, change to no here! | |
50 | PasswordAuthentication yes | |
51 | PermitEmptyPasswords no | |
61e96248 | 52 | |
184eed6a | 53 | # Uncomment to disable s/key passwords |
10f72868 | 54 | #ChallengeResponseAuthentication no |
55 | ||
56 | # Uncomment to enable PAM keyboard-interactive authentication | |
57 | # Warning: enabling this may bypass the setting of 'PasswordAuthentication' | |
58 | #PAMAuthenticationViaKbdInt yes | |
8efc0c15 | 59 | |
5f4fdfae | 60 | # To change Kerberos options |
8efc0c15 | 61 | #KerberosAuthentication no |
62 | #KerberosOrLocalPasswd yes | |
63 | #AFSTokenPassing no | |
64 | #KerberosTicketCleanup no | |
5f4fdfae | 65 | |
8efc0c15 | 66 | # Kerberos TGT Passing does only work with the AFS kaserver |
67 | #KerberosTgtPassing yes | |
5f4fdfae | 68 | |
a98da4aa | 69 | X11Forwarding no |
70 | X11DisplayOffset 10 | |
71 | PrintMotd yes | |
72 | #PrintLastLog no | |
73 | KeepAlive yes | |
10fa00c8 | 74 | #UseLogin no |
38c295d6 | 75 | |
c345cf9d | 76 | #MaxStartups 10:30:60 |
eea39c02 | 77 | #Banner /etc/issue.net |
61e96248 | 78 | #ReverseMappingCheck yes |
7bbcc167 | 79 | |
80 | Subsystem sftp /usr/libexec/sftp-server |